PRIVACY POLICY
- Data protection information for business partners and customersWith the following information, we provide you with an overview of the processing of your personal data by us and your rights under the data protection regulation (GDPR). Which data is processed in detail and how it is used depends largely on the services requested or agreed in each case.
- Controller and data protection officerController is: Toppan Europe GmbH Toulouser Allee 19A 40211 Düsseldorf Tel.: +49211 7327600 E-Mail: dpo [at] toppan-europe.com You can contact our data protection officer at: Toppan Europe GmbH Attn: Data Protection Officer Toulouser Allee 19A 40211 Düsseldorf Tel.: +49211 7327600 E-Mail: dpo [at] toppan-europe.com
- What do we process your data for (purpose of processing) and on what legal basis?We process your data in accordance with the GDPR and the German Federal Data Protection Act (BDSG) for the purposes listed here and rely on the following legal basis:
In the event that you have given us your consent, we use your data for the purposes stated in the declaration of consent (Art. 6 (1) (a) GDPR).Purpose Legal basis Conclusion and performance of contracts Article 6 (1) (b) GDPR (processing is necessary for the performance of a contract to which the data subject is party). Provision of customer service Article 6 (1) (b) GDPR: for inquiries related to the performance of a contract (e.g., guarantee, repair and servicing) Article 6 (1) (f) GDPR: In case of other topics apart from the contract itself. Our legitimate interest lies in the provision of our customer service (e.g., answering your questions and offering goods) Informing you about new services and products Article 6 (1) (f) GDPR: Our legitimate lies in informing you about the latest services and products. Creating statistics and analytics of sales and purchases Article 6 (1) (f) GDPR: Our legitimate lies in gaining further information on the market ap-peal of our products. Contacting business partners after business events (e.g., trade fairs) Article 6 (1) (b) GDPR: for inquiries related to the possible conclusion of a contract (e.g., quotes) Article 6 (1) (f) GDPR: In case of general follow ups after business events which are not related to a possible conclusion of a contract. Our legitimate interest lies in the communica-tion with potential business partners. - What data do we process?We generally process the following data within the scope of the aforementioned purposes:
- Information on subject: name, second name, working address, telephone and mobile numbers, e-mail address, date of birth, gender, country of residence, other information contained in business cards including a photo, company affiliation and position in the company.
- IP-address: website-information, automatically collected by browser cookies.
- Other information provided by you, e.g., in e-mails.
- Who receives my data?Within our company, other departments receive your data required to fulfill our contractual and legal obligations. Processors (Art. 28 GDPR) may also receive data for these purposes. The following categories of recipients may receive your data:
- IT service providers for maintenance work, archiving, e-mail support.
- authorities and courts within the scope of their jurisdiction
- insurance companies
- auditors, legal advisors, credit institutions, tax consultants
- logistics service providers and document shredding companies
- credit agencies and debt collection companies
- affiliated companies within our Group, namely:
- European Union:
- INTERPRINT GmbH
- Toppan Merrill GmbH
- TOPPAN GRAVITY S.L.U.
- Toppan Packaging Czech s.r.o.
- Japan:
- TOPPAN Holdings Inc. Japan
- TOPPAN Inc.
- TOPPAN Digital Inc.
- Toppan Packaging Products Co., Ltd.
- Toppan Decor Products Inc.
- UK:
- InterFlex Scotland Limited
- Toppan Digital Language Ltd.
- USA:
- Toppan USA, Inc.
- Toppan Printing Co., (America) Inc.
- INTERPRINT Inc.
- Toppan Merrill LLC
- InterFlex Acquisition Company, LLC
- Singapore:
- Toppan Leefung Pte.Ltd.
- UEA:
- GRAVITY GROUP IND.LLC
- European Union:
- Will my data be transferred to third countries outside the European Union?A transfer of data to third countries (countries outside the European Economic Area – EEA) occurs when using processors based in a third country (in particular, this concerns IT services). The Personal Data collected may be transferred to the following countries outside the European union with the following safeguards:
- United Kingdom (adequacy decision)
- Japan (adequacy decision)
- USA (SCC)
- China (SCC)
- UAE (SCC)
- Singapore (SCC)
- How long will my data be stored?To the extent necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract. It should be noted that our business relationship is a continuing obligation, which is intended to last for several years. In addition, we are subject to various statutory storage and documentation obligations (e.g. from the German Commercial Code (Handelsgesetzbuch – HGB), the German Fiscal Code (Abgabe-nordnung – AO), the German Banking Act (Kreditwesengesetz – KWG) and the German Money Laundering Act (Geldwäschegesetz – GwG). The periods specified there for storage or documentation are generally up to ten years. In addition, we may have a legitimate interest in storing the data, such as the limitation periods under the German Civil Code (Bürgerliches Gesetzbuch – BGB), which can be up to thirty years. This processing relies on Art. 6(1) (c) GDPR. If we have processed data on the basis of your consent, we will delete this data after revoking your consent and insofar as no other retention obligations exist.
- Am I obliged to provide my data?In order to enter into a business relationship with us, you are only required to provide the data that is necessary for its execution or that we are legally obligated to collect. It is not possible for us to execute a contract without this data. Apart from that, you are not obliged to provide any further data and failure of provision of any further data does not have negative consequences.
- Does profiling or automated decision-making take place?Profiling or automated decision-making does not take place.
- Your rightsAs a data subject, you are entitled to the following rights under Chapter 3 of the GDPR:
- Information: You have the right to receive information about the data stored about you.
- Correction: You have the right to request the correction of incorrect and incomplete data stored about you.
- Deletion: You have the right to demand the deletion of the data stored about you if the legal requirements are met.
- Restriction of processing: You have the right to demand the restriction of future data processing under the legal conditions.
- Data portability: You have the right to receive data that we have received from you in a common format or to forward it to third parties.
- Objection: You have the right to object to processing based on a legitimate interest on personal grounds. In the case of direct advertising, you have an unrestricted right to object.
- Revocation: If you have given us consent, you can revoke it at any time with effect for the future. If you want to exercise any of these rights, please contact our data protection officer.
- Complaint: Moreover, you have the right to file a complaint with a data protection supervisory authority. The competent supervisory authority is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen Kavalleriestr. 2-4 40213 Düsseldorf E-mail: poststelle [at] ldi.nrw.de
- Changes to this privacy policyWe reserve the right to update this privacy policy at any given point. A change of the privacy policy only concerns personal data collected or edited after said change. We will inform you in due course prior to any changes. Last update: March 2024